package com.eage.security.filter;

import lombok.extern.slf4j.Slf4j;
import org.apache.shiro.web.filter.authc.UserFilter;
import org.springframework.web.bind.annotation.RequestMethod;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * @Author: lex
 * @Date: 2019/2/26
 * @Desc 登入失败, 授权失败 请求地址拦截器. 因为是前后端分离,后台不控制页面跳转 返回登入失败状态码 之后返回前端而不用进行重定向
 */
@Slf4j
public class NoLoginFilter extends UserFilter {

    /**
     * 判断是否跳过跨域,前端token是否验证成功
     */
    @Override
    protected boolean preHandle(ServletRequest request, ServletResponse response) throws Exception {
        HttpServletResponse httpResponse = (HttpServletResponse) response;
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        //在访问过来的时候检测是否为OPTIONS请求，如果是就直接返回true
        if (httpRequest.getMethod().equals(RequestMethod.OPTIONS.name())) {
            ShiroURLFunction.setHeader(httpRequest, httpResponse);
            return true;
        }
        return super.preHandle(request, response);
    }

    /**
     * 该方法会在验证失败后调用，这里由于是前后端分离，后台不控制页面跳转
     * 因此重写改成传输JSON数据
     */
    @Override
    protected void saveRequestAndRedirectToLogin(ServletRequest request, ServletResponse response) throws IOException {
        ShiroURLFunction.saveRequestAndRedirectToLogin(request, response);
    }

}